diff --git a/gems/canvas_breach_mitigation/lib/canvas_breach_mitigation/masking_secrets.rb b/gems/canvas_breach_mitigation/lib/canvas_breach_mitigation/masking_secrets.rb
index 08aeadc05da66..af8535f962377 100644
--- a/gems/canvas_breach_mitigation/lib/canvas_breach_mitigation/masking_secrets.rb
+++ b/gems/canvas_breach_mitigation/lib/canvas_breach_mitigation/masking_secrets.rb
@@ -32,7 +32,7 @@ def masked_authenticity_token(cookies, options = {})
 encoded_masked_token = masked_token(unmasked_token(cookies["_csrf_token"]))
 cookie = { value: encoded_masked_token }
- %i[domain httponly secure].each do |key|
+ %i[domain httponly secure same_site].each do |key|
 next unless options.key?(key)
 cookie[key] = options[key]
diff --git a/gems/request_context/lib/request_context/session.rb b/gems/request_context/lib/request_context/session.rb
index 24520ac02d238..d09578844463a 100644
--- a/gems/request_context/lib/request_context/session.rb
+++ b/gems/request_context/lib/request_context/session.rb
@@ -32,7 +32,8 @@ def call(env)
 ActionDispatch::Request.new(env).cookie_jar[:log_session_id] = {
 value: session_id,
 secure: Rails.application.config.session_options[:secure],
- httponly: true
+ httponly: true,
+ same_site: Rails.application.config.session_options[:same_site]
 }
 end
diff --git a/lib/canvas/request_forgery_protection.rb b/lib/canvas/request_forgery_protection.rb
index a57f0801f2e64..6c3c0813502a9 100644
--- a/lib/canvas/request_forgery_protection.rb
+++ b/lib/canvas/request_forgery_protection.rb
@@ -40,7 +40,7 @@ def verified_request?
 def authenticity_token_options
 session_options = CanvasRails::Application.config.session_options
- options = session_options.slice(:domain, :secure)
+ options = session_options.slice(:domain, :secure, :same_site)
 options[:httponly] = HostUrl.is_file_host?(request.host_with_port)
 options
 end
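Review bot: The new `same_site` entry in the `%i[domain httponly secure same_site]` list is copied through `cookie[key] = options[key]` with no note on why the CSRF cookie now carries this attribute, and the intent is not obvious from the code alone; I would add above the loop `# Mirror the session cookie's SameSite policy so the CSRF token cookie is sent (or withheld) under the same cross-site rules as the session it protects.` One behavioural caveat worth stating in that comment: if the configured value is `:none`, browsers only accept the cookie when `secure` is also set, so a deployment that enables `same_site: :none` without `secure` would silently lose the CSRF cookie. As far as I recall Rack's cookie serializer also raises ArgumentError on an unrecognised SameSite value, so a typo in the session config would surface on the first cookie write rather than at boot — worth confirming and covering with a spec. `masked_authenticity_token` begins before this hunk.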
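Review bot: The added `same_site:` line reads `Rails.application.config.session_options` a second time in the same literal, right after the `secure:` line does the same lookup; hoisting it into a local keeps the two attributes visibly sourced from one place, e.g. `session_options = Rails.application.config.session_options` before the assignment, then `secure: session_options[:secure],` and `same_site: session_options[:same_site]`. Unlike the other two files in this commit, which copy `same_site` only when the session config defines it, this hash always sets the key, so an unset config yields `same_site: nil`; I believe Rack treats nil as "emit no SameSite attribute", but that relies on the serializer rather than on this code, and a one-line comment saying so would save the next reader the lookup. `call` begins before this hunk.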
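Review bot: The key list in `session_options.slice(:domain, :secure, :same_site)` now has to stay in step with the `%i[domain httponly secure same_site]` list in masking_secrets.rb in the first file of this commit, and nothing ties the two together; I would add above the `slice` a comment such as `# Keys forwarded here must be among those CanvasBreachMitigation::MaskingSecrets.masked_authenticity_token copies onto the cookie; a key missing there is silently dropped.` so the next attribute added to one place is not forgotten in the other. The method body itself is fine as written; `httponly` is deliberately set separately from the slice, which a short comment could also explain.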